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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 17 August 2005 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-14.17-20 and 22-25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) D Claim(s) 1-14,17-20 and 22-25 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^3 The drawing(s) filed on 28 June 2002 is/are: a)E>3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1. 



Claims 1-14, 17-20 and 22-25 are pending. 



2. 



Claims 1,13, 17 and 22 are amended. 



3. 



Claims 15, 16, 21 and 26 are withdrawn by applicant. 



Response to Arguments 



4. Applicant's amendments/arguments filed on 08-17-2005 have been fully 
considered and therefore the claims are rejected under new grounds. The Examiner 
would like to point out that this action is made final (See MPEP 706.07a). 

Information Disclosure Statement PTO-1449 

5. The Information Disclosure Statement submitted by applicant on 05-25-2005 has 
been considered. 



6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) patent may not be obtained though the invention is not identically disclose or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claim Rejections - 35 USC § 103 
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7. Claims 1-14, 17-20 and 22-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over James M. Foley et al. (US Publication NO. 2002/0087894) in view of 
Gavin Walter Ehlers et al. (US Publication 2003/0172272). 

Regarding Claim 13 

Foley teaches a method for authenticating a user, comprising the steps of: (a) 
receiving a claimed identity of a user (paragraph [0035]); (b) receiving a first 
authentication sample from said user via a first communication channel (paragraph 
[0035] and [0050]); (c) receiving a second authentication sample from said user 
(paragraph [0038]-[0039]) via a second communication channel ((paragraph [0050]) 
(authentication system may use one or more communication channel 502)); (d) verifying 
at least one of said first and second authentication samples based on a stored template 
uniquely associated with said claimed identity; and (e) verifying another of said 
authentication samples in a manner independent of said verifying in (d); and (f) granting 
access to said user based on said verifying in steps (d) and (e) (paragraph [0035]- 
[0039]). Foley does not explicitly teach first authentication sample being previously 
securely provided to said user. However, in an analogous art, Ehlers teaches 
receiving a first authentication sample from said user via a first communication channel, 
((paragraph [0052]) ("once the user 12 receives the passcode by his or her mobile 
communication device 28, he or she offers it, via the IP network20")), said first 
authentication sample being previously securely provided to said user (paragraph 
[0070]). Therefore it would have been obvious to one having ordinary skill in the art at 
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the time the invention was made to modify Folley's method to include the first 
authentication sample being previously securely provided to the user. This would have 
been obvious because person having ordinary skill in the art at the time the invention 
was made would have been motivated to do so in order to provide a strong and secure 
user authentication system and furthermore to authenticate the identity of a user 
wishing to access a facility (paragraph [0009]). 

8. Claims 1,2, 5, 6, 8, 9, 11,14, 17-19, and 22-24 are rejected under 35 U.S.C. 
103(a) as being unpatentable over James M. Foley et al. (US Publication NO. 
2002/0087894) in view of Gavin Walter Ehlers et al. (US Publication 2003/0172272) 
further in view of Tadhg Kelly et al. (US Patent 6,678,826). 

Regarding Claim 1, 14 and 22 

Foley teaches a method/ computer-readable medium for authenticating a user, 
comprising the steps of: (a) receiving a claimed identity of a user (paragraph 
[0035]); (b) receiving a first authentication sample from said user via a first 
communication channel/ path (paragraph [0035] and [0050]); (c) establishing a 
second communication channel/ path with said user ((paragraph [0050]) 
(authentication system may use one or more communication channel 502)); (e) 
verifying at least one of said first and second authentication samples based on a 
stored template uniquely associated with said claimed identity; (e)verifying 
another of said authentication samples in a manner independent of said verifying 
in (d); and (g) granting access to said user based on said verifying in steps (e) 
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and (f) (paragraph [0035]-[0039]). Foley furthermore teaches authentication 
method may communicate the data to the user using different protocols 
(paragraph [0052] and [0053]). Foley does not explicitly teach first 
authentication sample being previously securely provided to said user. 
However, in an analogous art, Ehlers teaches receiving a first authentication 
sample from said user via a first communication channel/path, ((paragraph 
[0052]) ("once the user 12 receives the passcode by his or her mobile 
communication device 28, he or she offers it, via the IP network20")), said first 
authentication sample being previously securely provided to said user (paragraph 
[0070]). Therefore it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to modify Folley's method to include the 
first authentication sample being previously securely provided to the user. This 
would have been obvious because person having ordinary skill in the art at the 
time the invention was made would have been motivated to do so in order to 
provide a strong and secure user authentication system and furthermore to 
authenticate the identity of a user wishing to access a facility (paragraph [0009]). 
Foley and Ehlers do not explicitly teach said second communication channel/ 
path being out-of-band with respect to said first communication channel/ 
path and (d) performing at least a portion of a challenge-response protocol, 
regarding a second authentication sample, with said user over said second 
communication channel/ path. However, in an analogous art, Kelly discloses 
an out-of-band communication channel/ path (column 3, lines 45-48 and column 
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4, lines 55-59) and uses a challenge-response protocol (column 8, lines 51-53). 
Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to modify Folley's and Ehlers's method to include 
second communication channel/path being out-of-band and performing at least a 
portion of a challenge-response protocol, regarding a second authentication 
sample, with said user over said second communication channel/ path. This 
would have been obvious because person having ordinary skill in the art at the 
time the invention was made would have been motivated to do so in order to 
discriminate and permit limited access to some user and unlimited to others 
(column 5, lines 61-64). 



Regarding Claim 17 

Foley teaches a method for providing user authentication to control access 
to a protected application, comprising: (a) an interface, configured to receive a 
claimed identity of a user; (b) an interface, connected to a first communication 
path, configured to receive a first authentication datum associated with said user; 
(c) an interface, connected to a second communication path to said user 
(paragraph [0050])("authentication system may use one or more communication 
channel 502")); (e) means for verifying said first authentication datum based on 
a nominal identity of said user; and (f) means for verifying said second 
authentication datum independently of (e); and (g) means for granting access to 
said user after both authentication data are verified (paragraph [0035]- 
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[0039]). Foley furthermore teaches authentication method may communicate the 
data to the user using different types of communication (paragraph [0052] and 
[0053]) . Foley does not explicitly teach first authentication datum being 
previously securely provided to said user. However, in an analogous art, 
Ehlers teaches receiving a first authentication datum associated with said user 
((paragraph [0052]) ("once the user 12 receives the passcode by his or her 
mobile communication device 28, he or she offers it, via the IP network20")), said 
first authentication datum being previously securely provided to said user 
(paragraph [0070]). Therefore it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to modify Folley's method to 
include the first authentication datum being previously securely provided to the 
user. This would have been obvious because person having ordinary skill in the 
art at the time the invention was made would have been motivated to do so in 
order to provide a strong and secure user authentication system and furthermore 
to authenticate the identity of a user wishing to access a facility (paragraph 
[0009]). Foley and Ehlers do not explicitly disclose an interface, connected to a 
second communication path being out-of-band with respect to said first 
communication path; (d) means for performing, over said second 
communication path, at least a portion of a challenge-response 
communication regarding a second authentication datum associated with 
said user. However, in an analogous art, Kelly discloses an out-of-band 
communication channel (column 3, lines 45-48 and column 4, lines 55-59) and 
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uses a challenge-response communication (column 8, lines 51-53). Therefore it 
would have been obvious to one having ordinary skill in the art at the time the 
invention was made to modify Folley's and Ehlers's method to include second 
communication path being out-of-band and performing at least a portion of a 
challenge-response communication, regarding a second authentication datum. 
This would have been obvious because person having ordinary skill in the art at 
the time the invention was made would have been motivated to do so in order to 
discriminate and permit limited access to some user and unlimited to others 
(column 5, lines 61-64). 



Regarding Claim 2 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1 above and furthermore Foley teaches a method wherein said step (d) includes: 
(1) prompting said user via said second communication channel to provide at 
least one of said authentication samples; and (2) receiving said prompted 
authentication sample via said first communication channel ((paragraphs [0035]- 
[0039] and [0050]) ("authentication system may use one or more communication 
channel 502". Examiner considers using any other communication channel 502 
as applicant's second communication channel)). 
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Regarding Claims 5 and 9 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1 above and furthermore Foley teaches a method comprising changing 
(updating) a template database based on at least one of said verified 
authentication samples and where at least one of said authentication samples is 
a dynamically changing attribute held by said user ((paragraph [0038]) ("user 
may select changes to the authenticating method")). 

Regarding Claims 6, 8,19 and 24 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1,17 and 22 above and furthermore Foley teaches a method wherein said first 
communication channel/ path is telephonic and said second communication 
channel/ path is a computer network and at least one of authentication sample is 
a biometric attribute (paragraph [0026] and [0042]). 

Regarding Claim 11 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1 above and furthermore Foley teaches a method, wherein said step (f) includes 
the steps of: generating a first string based on said another authentication 
sample; independently generating a second string based on said claimed 
identity; digitally comparing said first and second strings; and authenticating said 
another authentication sample if said strings match (paragraph [0033]-[0039]). 
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Regarding Claim 18 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
17 above and furthermore Foley teaches a method, where (d) further comprises 
means for prompting said user via said second communication path to provide 
said second authentication sample via said first communication path (paragraph 
[0035]-[0039]) and furthermore Foley discloses that authentication system may 
use more communication channel for exchange of data (paragraph [0050]). 

Regarding Claim 23 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
22 above and furthermore Foley teaches a method, wherein at least one of said 
means for receiving includes: means for prompting said user via said first 
communication channel to provide at least one of said authentication samples; 
and means for receiving said prompted authentication sample via said second 
communication channel. ((Paragraphs [0035]-[0039] and [0050]) ("authentication 
system may use one or more communication channel 502". Examiner considers 
using any other communication channel 502 as applicant's second 
communication channel)). 

9. Claims 3, 4, 7, 10, 20 and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over James M. Foley et al. (US Publication NO. 2002/0087894) in view of 
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Gavin Walter Ehlers et al. (US Publication 2003/0172272) in view of Tadhg Kelly et al. 
(US Patent 6,678,826) and further in view of Larry P. Heck (US Patent 6,671 ,672). 

Regarding Claims 3, 4, 7, 10, 20 and 25 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1,17 and 22 above and furthermore Foley teaches a method of voice recognition 
(paragraph [0026]). Foley, Ehlers and Kelly do not explicitly disclose converting 
said spoken authentication sample into textual form via the application of 
speech recognition techniques and said (e) includes authenticating a 
unique vocal characteristic of said user by applying a speaker verification 
protocol involving said claimed identity, said template, and said spoken 
authentication sample and determining a telephonic caller identification of 
said user. However in analogous art, Heck discloses a method of converting 
spoken authentication sample into textual form (column 6, lines 23-28), said (e) 
includes authenticating a unique vocal characteristic of said user by applying a 
speaker verification protocol involving said claimed identity, said template, and 
said spoken authentication sample (column 6, lines 16-43) and determining a 
telephonic caller identification of said user (column 4, lines 59-62). Therefore it 
would have been obvious to one having ordinary skill in the art at the time the 
invention was made to modify Folley's Ehlers's and Kelly'ls method to include 
converting spoken authentication sample into textual form, authenticating a 
unique vocal characteristic of said user by applying a speaker verification 
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protocol involving said claimed identity, said template, and said spoken 
authentication sample and determining a telephonic caller identification of said 
user. This would have been obvious because person having ordinary skill in the 
art at the time the invention was made would have been motivated to convert 
voice sample to text in order to compare the content of the output of the speech 
recognizer with the specified content, such as a stored password (column 4, lines 
50-53) and verify the identity of the user (column 4, lines 59-62). 

10. Claims 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over James 
M. Foley et al. (US Publication NO. 2002/0087894) in view of Gavin Walter Ehlers et al. 
(US Publication 2003/0172272) in view of Tadhg Kelly et al. (US Patent 6,678,826) and 
further in view of David L. Wood et al. (US Patent 6,668,322). 

Regarding Claim 12 

Foley, Ehlers and Kelly teach all limitation of the claim as applied to claim 
1 above but they do not explicitly teach enabling a single sign-on process by 
sharing said authentication across multiple applications requiring authentication 
during a common session. However in analogous art, Wood discloses a method 
of single sign-on process (column 4, lines 60-67 and column 5, lines 1-9). 
Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to modify Folley's Ehlers's and Kelly's method to 
include single sign-on-process. This would have been obvious because person 
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having ordinary skill in the art at the time the invention was made would have 
been motivated to do so in order to maintain continuity of a persistent session 
across multiple accesses to one or more information resources (column, lines 28- 
31). 

References Cited, Not Used 

1 1 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

1. U.S. Publication No. 2003/0112972 

This reference relate to a data carrier for the secure transmission of information. 

2. U.S. Patent No. 6,070,243 

This reference relates to regulating connectivity to and communicability 
within communication networks. 

3. U.S. Patent No. 6,880,088 

This reference relates to apparatus and methods for transmitting secure 
messages in a digital communications network. 



Application/Control Number: 10/086,123 
Art Unit: 2137 



Page 14 



Conclusion 



Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



Ali Abyaneh - 
Patent Examiner 
Art Unit 2137 
11-26-05 
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